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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 

Response to Arguments 

1 . Applicant's arguments filed September 17, 2008 have been fully considered but 
they are not persuasive. Applicant argues that Scheidt fails to teach or suggest using a 
single key to encrypt both the data and the digital signature. However, Pierce teaches a 
session key used to encrypt the application data (page 2, paragraph 19). While Scheidt 
may fail to teach the exact specific key being used to encrypt the signature, Scheidt 
teaches encrypting the digital signature (column 1 7, lines 1-11), and Pierce teaches a 
session key that is used to encrypt the application data (page 2, paragraph 19). Since 
the digital signature would be part of the application data, in combination with Pierce the 
digital signature would have been encrypted using the session key. 



Claim Rejections - 35 USC § 103 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

3. Claims 1 - 1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Pierce in view of Scheidt further in view of Gruber. 

4. Referring to claims 1 and 10, Pierce discloses: 

a. Creating a timestamp that includes an expiration time (page 7, paragraph 
76), and a security token (figure 4), and inserting them in the header (page 9, 
paragraph 89). 
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b. Encrypting data to be transferred with a secret key (page 2, paragraph 19, 
and inserting it in the body (page 8, paragraph 88). 

c. Attaching a digital signature to create a signature, and inserting it in the 
header (page 8, paragraph 86). 

d. Encrypting the secret key with the service key (page 7, paragraph 77) and 
inserting it in the header (page 9, paragraph 89). The key is encrypted in the 
token which is then in the header. Therefor the key is in the header. The service 
key could be a public key (page 4, paragraph 40). 

5. Pierce does not explicitly disclose the digital signature being encrypted in the 
header, or the header containing routing information. However, Scheidt discloses the 
header containing the creators identity, and labels to define the audience of the file 
(column 4, lines 53-61 ). Scheidt further discloses the digital signature being encrypted 
in the message header (column 17, lines 1-1 1) and that the digital signature is 
verification of the original signer of the message (column 6, lines 56-59). 

6. Pierce and Scheidt are analogous art because they are from the same field of 
endeavor, securing data that is transferred. At the time of the invention, it would have 
been obvious to one of ordinary skill in the art, having the teachings of Pierce and 
Scheidt before him or her, to modify Pierce to include the digital signature encryption, 
and recipient information of Scheidt. The motivation for doing so would have been that 
so the signatory cannot deny having signed the object (column 6, lines 56-59). 

7. Pierce in view of Scheidt does not explicitly disclose a creation time. However, 
Gruber discloses indicating a start time and end time (page 2, paragraph 11). 
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8. Pierce, Scheidt and Gruber are analogous art because they are from the same 
field of endeavor, securing data. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Pierce, Scheidt and Gruber 
before him or her, to modify Pierce in view of Scheidt to include the creation time and 
expiration of Gruber. The motivation for doing so would have been to make clear when 
the approval started. 

9. Referring to claim 2, Pierce teaches that the session key is used to both encrypt 
(page 2, paragraph 19) and decrypt (page 2, paragraph 21) the data . It is inherent that 
the session key is symmetric. 

1 0. Referring to claim 3, Pierce teaches that the public key encryption done on the 
secret key is asymmetric (page 4, paragraph 40). 

1 1 . Referring to claim 4, since a SOAP message is XML (Pierce, Page 8, Paragraph 
83) it is understood that the encryption would be using an XML algorithm. 

12. Referring to claims 5 and 1 1 , Pierce teaches: 

e. Acquiring a certificate for verifying a signature of the SOAP message 
(page 8, paragraph 86). 

f. Decrypting an encrypted key in the security header(page 7, paragraph 71 ) 
with a private key (page 4, paragraph 40). 

g. Inserting a digital signature in the header (page 8, paragraph 86). 

h. Verifying the signature is not specifically stated, but Pierce does state that 
the system would be able to check the validity of the signature (page 8, 
paragraph 86). 



Application/Control Number: 10/750,516 Page 5 

Art Unit: 2432 

1. Decrypting the encrypted data in the SOAP body with the secret key (page 

2, paragraph 21). 

1 3. Pierce does not explicitly disclose decrypting the digital signature or the header 
containing routing information. However, Scheidt discloses the header containing the 
creators identity, and labels to define the audience of the file (column 4, lines 53-61 ). 
Scheidt goes on to disclose the digital signature being decrypted (column 17, lines 18- 
20) and that the digital signature is verification of the original signer of the message 
(column 6, lines 56-59). 

14. Pierce and Scheidt are analogous art because they are from the same field of 
endeavor, securing data that is transferred. At the time of the invention, it would have 
been obvious to one of ordinary skill in the art, having the teachings of Pierce and 
Scheidt before him or her, to modify Pierce to include the digital signature decryption, 
and recipient information of Scheidt. The motivation for doing so would have been that 
so the signatory cannot deny having signed the object (column 6, lines 56-59). 

1 5. Pierce in view of Scheidt does not explicitly disclose the certificate being in the 
security token which is in the header. However, Gruber discloses the token being a 
certificate (page 2, paragraph 21) and that the header contains the token (page 5, claim 
19). The token also contains a signature that verifies identification (page 4, paragraph 
30). 

16. Pierce, Scheidt and Gruber are analogous art because they are from the same 
field of endeavor, securing data. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Pierce, Scheidt and Gruber 
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before him or her, to modify Pierce in view of Scheidt to include token being the 
certificate that is in the header of Gruber. The motivation for doing so would have been 
to be able to verify the identification (page 4, paragraph 30). 

1 7. Referring to claim 6, Pierce teaches the passing of the certificate as it is part of 
the security-concerning information (page 8, paragraph 86). In the specification the 
applicant defines a security token as security-concerning information. 

18. Referring to claim 7, Pierce teaches that the session key is used to both encrypt 
(page 2, paragraph 19) and decrypt (page 2, paragraph 21) the data . It is inherent that 
the session key is symmetric. 

1 9. Referring to claim 8, Pierce teaches that the public key encryption done on the 
secret key is asymmetric (page 4, paragraph 40). 

20. Referring to claim 9, since a SOAP message is XML (Pierce, Page 8, Paragraph 
83) it is understood that the encryption would be using an XML algorithm. 



Conclusion 

21 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CORDELIA KANE whose telephone number is 
(571 )272-7771 . The examiner can normally be reached on Monday - Thursday 8:00 - 
5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/C. KV 

Examiner, Art Unit 2432 
/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2432 



